4
I am wondering if a USB device could potentially be a security hole on a properly configured system just by being plugged in. This was inspired by a post on BitLocker, namely the phrase:
USB devices, after all, get direct access to the system's memory
As far as I know, USB devices don't literally have such access - right? But I can imagine a driver that gives a USB device such an ability.
Are any standard USB device drivers, shipped with Win7, known to expose arbitrary physical memory locations to the USB device?
RomanSt
Posted 2011-05-29T17:54:52.327
Reputation: 7 830
1I'm almost sure that only Firewire and Thunderbolt devices get such access. – Dr McKay – 2011-05-29T18:03:04.397
I cannot imagine that such a flaw exists, as it would be very major and very simple. Poor proof I know but... – soandos – 2011-05-29T18:13:46.097
1@DrMcKay so could a specially crafted Thunderbolt device read all the physical memory in a system? Or only a subset of it that was reserved specifically for this purpose, wiped of any potentially sensitive previous data? – RomanSt – 2011-05-29T18:37:25.320
1
@romkyns Memory access is totally unrestricted. And yes, it's a whole memory.
– Dr McKay – 2011-05-29T21:28:58.727Mac: http://www.theregister.co.uk/2011/02/24/thunderbolt_mac_threat/ and Windows: http://www.friendsglobal.com/papers/FireWire%20Memory%20Dump%20of%20Windows%20XP.pdf (it's about Firewire as I have no idea if Windows supports Thunderbolt). In fact, both protocols give any device a blind trust.
I'm pretty sure most USB drivers run in user-mode now, so the whole physical memory access issue is non-existent. I'm writing some USB drivers right now actually, and don't see how I could gain access to anything until my device is initialized by some software. However, even if I were to have that ability, being in user-mode would just BSOD the system before anything happened. – Breakthrough – 2011-05-30T02:16:45.533
@Breakthrough sounds like an answer, why don't you post it and I'll accept :) – RomanSt – 2011-05-31T10:45:02.310